ad NetlQ. 


NetIQ Identity Manager 
Jobs Guide 


February 2018 


Legal Notice 


For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions, U.S. Government 
restricted rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/. 


Copyright (C) 2018 NetIQ Corporation. All rights reserved. 


Contents 


About this Book and the Library 
About NetIQ Corporation 


1 Overview 


2 Adding a Predefined Job 


Adding Other Predefined Jobs... 0.0... ccc cc cc cence nen ee nens 


3 Configuring the Properties of Predefined Jobs 


Understanding the Different States of aJoD.. 1... cc eens 
Configuring the Random Password Generator Job ........ 0.000 cece eens 
Configuring the Schedule Driver Job... 1.0.0.0... ccc cc eens 
Configuring the Subscriber Channel Trigger JOb............. 0 cece cece e eee 
Configuring the Driver Health Job. 0... 0... cece nee eens 
Configuring the Password Expiration Notification Job.............000 00 eee 


Modifying the Association Statistics Job Configuration 


4 Creating a Custom Job 


Job'Componentsk.sutslisseador sr Snake Soe ewe be ee ker selt ie Heste die 
Creating the Job Definition and Job Implementation .................00005 
Adding the Job........-..»avavav cee ee ence ence r nen nn 


5 Starting a Job 


6 Stopping a Job 


7 Disabling a Job 


8 Checking a Job’s Status 


9 Tracing a Job 


10 Deleting a Job 


31 


33 


35 


37 


39 


41 


About this Book and the Library 


The Jobs Guide contains information about managing Identity Manager jobs. 


Intended Audience 


This book provides information for Identity Manager administrators, partners, and consultants. 


Other Information in the Library 


For more information about the library for Identity Manager, see the Identity Manager 
documentation website. 
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About this Book and the Library 


About NetIQ Corporation 


We are a global, enterprise software company, with a focus on the three persistent challenges in 
your environment: Change, complexity and risk—and how we can help you control them. 


Our Viewpoint 


Adapting to change and managing complexity and risk are nothing new 
In fact, of all the challenges you face, these are perhaps the most prominent variables that deny 
you the control you need to securely measure, monitor, and manage your physical, virtual, and 
cloud computing environments. 

Enabling critical business services, better and faster 


We believe that providing as much control as possible to IT organizations is the only way to 
enable timelier and cost effective delivery of services. Persistent pressures like change and 
complexity will only continue to increase as organizations continue to change and the 
technologies needed to manage them become inherently more complex. 


Our Philosophy 


Selling intelligent solutions, not just software 


In order to provide reliable control, we first make sure we understand the real-world scenarios 
in which IT organizations like yours operate — day in and day out. That's the only way we can 
develop practical, intelligent IT solutions that successfully yield proven, measurable results. And 
that's so much more rewarding than simply selling software. 

Driving your success is our passion 


We place your success at the heart of how we do business. From product inception to 
deployment, we understand that you need IT solutions that work well and integrate seamlessly 
with your existing investments; you need ongoing support and training post-deployment; and 
you need someone that is truly easy to work with — for a change. Ultimately, when you 
succeed, we all succeed. 


Our Solutions 


* Identity & Access Governance 

* Access Management 

+ Security Management 

+ Systems & Application Management 
+ Workload Management 


+ Service Management 
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Contacting Sales Support 


For questions about products, pricing, and capabilities, contact your local partner. If you cannot 
contact your partner, contact our Sales Support team. 


Worldwide: www.netiq.com/about netiq/officelocations.asp 
United States and Canada: 1-888-323-6768 
Email: info@netiq.com 
Web Site: www.netiq.com 


Contacting Technical Support 


For specific product issues, contact our Technical Support team. 


Worldwide: www.netiq.com/support/contactinfo.asp 
North and South America: 1-713-418-5555 

Europe, Middle East, and Africa: +353 (0) 91-782 677 

Email: support@netiq.com 

Web Site: www.netiq.com/support 


Contacting Documentation Support 


Our goal is to provide documentation that meets your needs. The documentation for this product is 
available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log 
in. If you have suggestions for documentation improvements, click Add Comment at the bottom of 
any page in the HTML version of the documentation posted at www.netiq.com/documentation. You 
can also email Documentation-Feedback@netig.com. We value your input and look forward to 
hearing from you. 


Contacting the Online User Community 


NetIQ Communities, the NetIQ online community, is a collaborative network connecting you to your 
peers and NetIQ experts. By providing more immediate information, useful links to helpful 
resources, and access to NetIQ experts, NetIQ Communities helps ensure you are mastering the 
knowledge you need to realize the full potential of IT investments upon which you rely. For more 
information, visit https://www.netiq.com/communities/. 


About NetIQ Corporation 


Overview 


Identity Manager provides the ability to launch jobs that perform specific tasks. The jobs can be run 
one or more times either manually or at scheduled times. 


Identity Manager provides six predefined jobs: 


* 


* 


* 


* 


* 


* 


Random Password Generator: Generates a random password for each object defined in the 
job’s scope. The password is generated by NMAS to match a Password Policy object that the job 
references. The job submits the generated passwords one at a time to a driver's Subscriber 
channel. The Subscriber channel policies must take action on the passwords. 


Schedule Driver: Starts or stops a driver. 


Subscriber Channel Trigger: Sends event documents to be processed by a driver’s Subscriber 
channel. For example, a job could generate an event document to trigger policies associated 
with a user. Submitted event documents can be queued to the driver cache, or they can bypass 
the cache and be processed immediately. 


Driver Health: Evaluates the health conditions for a driver, assigns the health state, and carries 
out any actions associated with the health state. This job is used in conjunction with driver 
health monitoring. For complete instructions about setting up driver health monitoring, 
including using the Driver Health job, see “Monitoring Driver Health” in the Net/Q Identity 
Manager Driver Administration Guide. 


Password Expiration Notification: Searches an LDAP directory for objects whose passwords 
expire in a specified number of days. When an object that meets the criteria is discovered, the 
job sends an e-mail to the address contained in the object’s mail LDAP attribute. 


Association Statistics: Calculates the association statistics per server. 


Information about using the predefined jobs is provided in Chapter 2, “Adding a Predefined Job,” on 
page 11 and Chapter 3, “Configuring the Properties of Predefined Jobs,” on page 15. 


You can also develop custom jobs to perform tasks. A custom job requires you to create a Job 
Definition and a Job Implementation. The Job Definition is XML code that defines the parameters for 
the job. The Job Implementation is a JAR file that contains the Java classes that perform the task. The 
job can perform any task that you can implement through Java classes. Because the job is initiated 
through the Identity Manager engine, the job also has access to the Identity Vault data. For more 
information, see Chapter 4, “Creating a Custom Job,” on page 27. 
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Adding a Predefined Job 


Identity Manager includes the following predefined jobs: 
+ Driver Health: Evaluates the health conditions for the driver, assigns the health state, and 
carries out any actions associated with the health state. 


¢ Password Expiration Notification: Sends e-mail notifications to users whose passwords are 
about to expire. 


* Random Password Generator: Generates a random password for identified objects. 
¢ Schedule Driver: Starts or stops the driver. 


¢ Subscriber Channel Trigger: Submits XML documents to the Subscriber channel to trigger 
events. 


¢ Association Statistics: Calculates the association statistics per server. 


Two jobs (Driver Health and Password Expiration Notification) also operate at the driver set level; 
they automatically apply to all drivers in the driver set unless you change the job scope to exclude 
some drivers. 


The last three jobs (Random Password Generator, Schedule Driver, and Subscriber Channel Trigger) 
operate at the driver level, which means that you can add them to individual drivers. 


+ “Adding Other Predefined Jobs” on page 11 


Adding Other Predefined Jobs 


The following steps provide instructions for using iManager to add all of the predefined jobs (Driver 
Health, Password Expiration Notification, Random Password Generator, Schedule Driver, Subscriber 
Channel Trigger). For information about using Designer to add jobs, see “Scheduling Jobs” in the 
NetIQ Designer for Identity Manager Administration Guide. 


1 In iManager, click (P) to display the Identity Manager Administration page. 
2 Open the Overview page for the driver or driver set where you want to add the job: 


2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 


2b In the Search in field, specify the fully distinguished name of the container where you want 


to start searching for driver sets and then click P, or leave [root] in the field and click » | to 
search from the root of the tree. 


You can also click |Ñ] to browse for and select the container in the tree structure, or click 


‘Fl to select the container from a list of previously selected objects. 
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2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 


2d (Conditional) If you are adding the job to a driver, click the driver to display the Driver 
Overview page. 


3 Click the Jobs tab. 
4 Click New to display the Create Job page. 


Driver: Active Directory.IDM Driver Set.Novell 


Overview ` Advanced ÆR 
Create Job 


Job Name: 
Job1 


— Job type 


© Installed 


‘Subscriber channel trigger» 


This job submits zero or more trigger documents to the 
subscriber channel. The submission may either be a document 
per object if a scope is defined or may be a single document 
for each job run. 


© Custom 


Enter the XML that defines the custom job. 


Servers 


Select the server(s) this job should run on: 


IDMTEST. Novell 


OK | _ Cancel | 


5 Inthe Job Name field, specify a descriptive name for the job. 


6 Under Job Type, make sure that Installed is selected, then choose one of the following job types: 


¢ Driver Health (Driver Set): Evaluates the health conditions for a driver, assigns the health 
state, and carries out any actions associated with the health state. 


+ Password Expiration Notification (Driver Set): Sends e-mail notifications to users whose 
passwords are about to expire. 


Adding a Predefined Job 


* Random Password Generator (Driver Only): Generates a random password for each 
object in the job’s scope. The password is generated by NMAS to match the Password 
Policy object that the job references. These Password Policy objects are not usually the 
same as those used for eDirectory user password policies. 


The job submits the generated passwords one at a time to the driver’s Subscriber channel. 
The Subscriber channel policies must take action on the passwords. 


* Schedule Driver (Driver Only): Starts or stops the associated driver. You can also toggle a 
driver to start the driver if it is stopped or to stop the driver if it is running. 


¢ Subscriber Channel Trigger (Driver Only): Submits zero or more trigger documents to the 
Subscriber channel. The submission can either be a document per object if a scope is 
defined, or it can be a single trigger event if no scope is defined. 


Trigger event documents identify the job and the scope object. A trigger event can bypass 
the cache and be processed immediately if desired. Trigger jobs allow you to use driver 
policies that you can customize for your personal requirements. 


7 In the Server field, select the servers where you want to run the job. 


8 Click OK to create the job and display its configuration properties. 
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Job: check driver health. driverset1 idm. services. system 


Identity Manager 


Schedule Scope Parameters Results — 


Java class name: com.novell.nds.dirxml.job.ckdryhealth.CheckDriverHealthJob 
V] Enable job 
C] Delete the job after it runs once 


Servers 


Select the server(s) this job should run on: 


M] metaserver1.metaserver1.servers.system 


Email server: 
Default Notification Collection.Security | al 


Display name: 


[Driver Health | 


Description: 


This job checks the health of drivers by evaluating the 
criteria defined in the driver's health configuration. 


9 To configure the job’s properties, continue with the instructions in the appropriate section: 
+ “Configuring the Random Password Generator Job” on page 16 
+ “Configuring the Schedule Driver Job” on page 18 
+ “Configuring the Subscriber Channel Trigger Job” on page 19 
+ “Configuring the Driver Health Job” on page 21 


+ “Configuring the Password Expiration Notification Job” on page 23 
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Configuring the Properties of Predefined 
Jobs 


The following sections provide instructions for using iManager to configure the properties for five of 
the predefined jobs: Random Password Generator, Schedule Driver, Subscriber Channel Trigger, 
Driver Health, and Password Expiration Notification. 


Each job generates intermediate results and a final result, where the intermediate results have an 
impact on the final result. For more information, see “Understanding the Different States of a Job” 
on page 15. 


For each job, you can schedule the runtimes, define the scope of objects that the job applies to, set 
the job-specific parameters, and determine the methods used for results notification. For 
information about using Designer to configure a job, see “Scheduling Jobs” in the Net/Q Designer for 
Identity Manager Administration Guide. 


The steps assume that the job is already added to a driver or driver set. For more information on 
adding predefined jobs, see Chapter 2, “Adding a Predefined Job,” on page 11. 

+ “Understanding the Different States of a Job” on page 15 

+ “Configuring the Random Password Generator Job” on page 16 

+ “Configuring the Schedule Driver Job” on page 18 

+ “Configuring the Subscriber Channel Trigger Job” on page 19 

+ “Configuring the Driver Health Job” on page 21 

+ “Configuring the Password Expiration Notification Job” on page 23 


+ “Modifying the Association Statistics Job Configuration” on page 25 


Understanding the Different States of a Job 


When a job runs, it generates intermediate results and a final result. The possible results are Success, 
Warning, Error, and Aborted. The intermediate results have an impact on the final result. The final 
result is generated when the job is finished. 


For each result, you can specify the action you want performed when it occurs. You can instruct the 
job to generate an event for Novell Audit or Novell Sentinel and also generate an e-mail notification. 
Alternatively, you might want no action to occur for an intermediate success result and an e-mail 
notification to be sent for an intermediate error result. 

Success 


Returned when a job has successfully executed without any errors or warnings. 
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Warning 


Returned when a job cannot complete its execution because of unfulfilled prerequisites 
required for a successful run of the job. For example, a driver is not configured with health 
check before a health check job is run on the driver. The job returns a warning as a final result. 


A warning is also displayed when a job partly succeeds in executing its defined task. For 
example, when a Password Expiration Notification job does not find an object’s 
passwordExpirationTime attribute value, the job generates a warning message for that 
object as an intermediate result. If you instructed the job to send an e-mail to the address 
contained in the object’s mail LDAP attribute, the job does not send the specified e-mail. When 
the job finishes its scheduled run, Identity Manager displays a warning with an appropriate 
message. 


A Password Generator job generates an intermediate success message when it successfully 
generates a password for a user. If the job fails to generate a password for a user object for 
some reason, Identity Manager displays a warning as a final result. 


Error 


Returned when a job has insufficient rights on the object on which it is scheduled to run. An 
error is also reported when a job is executing and an exception occurs. For example, running a 
Schedule Driver job to run an already running driver or schedule the job to stop an already 
stopped driver. 


Abort 


Stops a job before the job completes its scheduled run. For example, terminating a job using 
dxcmd. Or, when Identity Manager engine is stopped, all running jobs are automatically 
aborted. 


Configuring the Random Password Generator Job 


The Random Password Generator job creates a random password for each object defined in the job’s 
scope. The password is generated by NMAS to match a Password Policy object that the job 
references. Generally, each driver requires a password policy designed specifically for the connected 
system. If you don’t have a password policy to use, you need to create one before continuing with 
the job configuration. The job submits the generated passwords one at a time to the driver’s 
Subscriber channel. The Subscriber channel policies must take action on the passwords. 


1 Make sure you've already added the job to the driver. If you haven't, see Chapter 2, “Adding a 
Predefined Job,” on page 11. 

2 On the General page in iManager, configure the following options: 
Enable Job: Leave this option selected unless you don’t want the job to run. 


Delete the Job After it Runs Once: Select this option if you want the job to run one time only 
and then be deleted. 


Servers: Select the servers where you want the job to run. Multiple servers are available only if 
the driver is running on multiple servers. 
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E-mail Server: To monitor the job, you (or others) can receive e-mail notifications whenever 
certain results occur for the job. You configure e-mail notification on the Results page. However, 
to enable this e-mail notification to work, you must first specify the e-mail server that will be 


used to send the notifications. Click the [4] button to locate and select the Default Notification 
Collection object or any other notfTemplateCollection object that defines an SMTP mail server. 


Display Name: Displays the name assigned to the job. 
Description: Displays the description assigned to the job. 
On the Schedule page, select one of the following options: 


Run on a Schedule: Runs the job on a daily, weekly, monthly, or yearly schedule. You can also 
specify a custom schedule; use the crontab standard when specifying a custom schedule. 


Run Manually: Runs the job only when you initiate it through the Run Now option (see 
Chapter 5, “Starting a Job,” on page 31). 


On the Scope page, click Add to add the objects for which you want to generate passwords. 
On the Parameters page, fill in the following fields: 


Password Policy Object Used for Password Generation: Select the Password Policy object you 
want to use to generate the passwords. NMAS uses the password policy to generate the 
passwords. Generally, each driver requires a password policy designed specifically for the 
connected system. If you don’t have a password policy to use, click OK to save the job’s current 
configuration, then create a password policy. 


Generate a Password for Objects without a Driver Association: This is set to False by default. If 
you added objects to the Scope page that are not associated with objects in the driver’s 
connected system, and you want to generate passwords for these objects, select True. 


On the Results page, define the actions you want performed based on the results for the job. 


Each time the job runs, it generates intermediate results and a final result. For each result, you 
can specify the action you want performed when it occurs. For more information, see 
“Understanding the Different States of aJob” on page 15. 


6a Click the No action link next to the result to display the Result Notification dialog box. 
6b Select Audit result if you want to generate an event for Novell Audit or Novell Sentinel. 
or 
Select Send email, then fill in the recipient and e-mail template information. 
6c Click OK to save your changes. 
When you have finished configuring the job, click OK to save your changes. 
The job is added to the job list. 
Select the job in the list (by selecting the check box next to the job name), then click Get Status. 


The Job Status dialog box displays any configuration errors. Because the job requires rights to 
the driver object and those rights have not yet been granted, you see an Insufficient 
rights to driver object error. 


Click Grant rights, then click OK to confirm the action. 


If other errors are displayed, resolve the errors. Otherwise, click Close to close the Job Status 
dialog box. 
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Configuring the Schedule Driver Job 


The Schedule Driver job starts or stops the driver based on an established schedule. 
1 Make sure you've already added the job to the driver. If you haven't, see Chapter 2, “Adding a 
Predefined Job,” on page 11. 
2 On the General page in iManager, configure the following options: 
Enable Job: Leave this option selected unless you don’t want the job to run. 


Delete the Job After it Runs Once: Select this option if you want the job to run one time only 
and then be deleted. 


Servers: Select the servers where you want the job to run. Multiple servers are available only if 
the driver is running on multiple servers. 


Email Server: To monitor the job, you (or others) can receive e-mail notifications whenever 
certain results occur for the job. You configure e-mail notification on the Results page. However, 
to enable this e-mail notification to work, you must first specify the e-mail server that will be 


used to send the notifications. Click the [4] button to locate and select the Default Notification 
Collection object or any other notfTemplateCollection object that defines an SMTP mail server. 


Display Name: Displays the name assigned to the job. 
Description: Displays the description assigned to the job. 
3 On the Schedule page, select one of the following options: 


Run on a Schedule: Runs the job on a daily, weekly, monthly, or yearly schedule. You can also 
specify a custom schedule; use the crontab standard when specifying a custom schedule. 


Run Manually: Runs the job only when you initiate it through the Run Now option (see 
Chapter 5, “Starting a Job,” on page 31). 


4 Ignore the Scope page; it does not apply to the Schedule Driver job. 
5 On the Parameters page, select the type of action you want the job to perform: 
Start the Driver: Starts or restarts the driver. 
Stop the Driver: Stops the driver. 
Toggle the Driver: Starts the driver if it is stopped. Stops the driver if it is running. 
6 On the Results page, define the actions you want performed based on the results for the job. 


Each time the job runs, it generates intermediate results and a final result. For each result, you 
can specify the action you want performed when it occurs. For more information, see 
“Understanding the Different States of aJob” on page 15. 


6a Click the No action link next to the result to display the Result Notification dialog box. 
6b Select Audit result if you want to generate an event for Novell Audit or Novell Sentinel. 
or 
Select Send email, then fill in the recipient and e-mail template information. 
6c Click OK to save your changes. 
7 When you have finished configuring the job, click OK to save your changes. 
The job is added to the job list. 
8 Select the job in the list (by selecting the check box next to the job name), then click Get Status. 
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The Job Status dialog box displays any configuration errors. Because the job requires rights to 
the driver object and those rights have not yet been granted, you see an Insufficient 
rights to driver object error. 


9 Click Grant rights, then click OK to confirm the action. 


10 If other errors are displayed, resolve the errors. Otherwise, click Close to close the Job Status 
dialog box. 


Configuring the Subscriber Channel Trigger Job 


The Subscriber Channel Trigger job sends event documents to be processed by the driver’s 
Subscriber channel. For example, a job could generate an event document to trigger policies 
associated with a user. 


You configure the job to generate zero, one, or more event documents by defining a scope for the 
job. The scope identifies objects for which you want the job to trigger events. If you do not include a 
scope (no objects), the job creates one event document. If you identify one or more objects, the job 
creates event documents for each object. 


Submitted event documents can be queued to the driver cache, or they can bypass the cache and be 
processed immediately. 


1 Make sure you've already added the job to the driver. If you haven't, see Chapter 2, “Adding a 
Predefined Job,” on page 11. 

2 On the General page in iManager, configure the following options: 
Enable Job: Leave this option selected unless you don’t want the job to run. 


Delete the Job After it Runs Once: Select this option if you want the job to run one time only 
and then be deleted. 


Servers: Select the servers where you want the job to run. Multiple servers are available only if 
the driver is running on multiple servers. 


Email Server: To monitor the job, you (or others) can receive e-mail notifications whenever 
certain results occur for the job. You configure e-mail notification on the Results page. However, 
to enable this e-mail notification to work, you must first specify the e-mail server that will be 


used to send the notifications. Click the [4] button to locate and select the Default Notification 
Collection object or any other notfTemplateCollection object that defines an SMTP mail server. 


Display Name: Displays the name assigned to the job. 
Description: Displays the description assigned to the job. 
3 On the Schedule page, select one of the following options: 


Run on a Schedule: Runs the job on a daily, weekly, monthly, or yearly schedule. You can also 
specify a custom schedule; use the crontab standard when specifying a custom schedule. 


Run Manually: Runs the job only when you initiate it through the Run Now option (see 
Chapter 5, “Starting a Job,” on page 31). 


4 On the Scope page, add the objects for which you want the job to trigger events. For each 
identified object, the job creates an event document. If no object is scoped, the job trigger 
creates one event document. 
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On the Parameters page, set the parameters for which you want the job to submit trigger 
documents. 


1. If you want to submit a trigger document for scoped objects that do not have a driver 
association, select True. Otherwise, keep the default of False. 


2. If you want to use the job’s Common Name (CN) as a document identifier trigger, keep the 
default of True. Otherwise, select False. 


3. (Optional) If you select False, enter the string that the job can use as the value for the 
trigger element’s Source attribute. 


4. Select a method for submitting the trigger documents. If you want to queue the job the 
trigger is from, keep the default of Queue (use cache). Otherwise, select Direct (bypass 
cache). 


5. (Optional) If you select Direct (bypass cache), you are presented with the Start driver if not 
running option. If you want to start the driver if it is not running, keep the default of True. 
Otherwise, select False. 


6. (Optional) If you select True on the Start driver if not running option, you are presented 
with the Stop driver when finished processing triggers option with the default of True. Use 
the default to stop the driver once it finishes processing the trigger job, or select False to 
keep the driver running. 


A customized job definition has its own parameter set. 
On the Results tab, define the actions you want performed based on the results for the job. 


Each time the job runs, it generates intermediate results and a final result. For each result, you 
can specify the action you want performed when it occurs. For more information, see 
“Understanding the Different States of aJob” on page 15. 


6a Click the No action link next to the result to display the Result Notification dialog box. 
6b Select Audit result if you want to generate an event for Novell Audit or Novell Sentinel. 
or 
Select Send email, then fill in the recipient and e-mail template information. 
6c Click OK to save your changes. 
When you have finished configuring the job, click OK to save your changes. 
The job is added to the job list. 
Select the job in the list (by selecting the check box next to the job name), then click Get Status. 
The Job Status dialog box displays any configuration errors. 
Click Grant rights, then click OK to confirm the action. 


If other errors are displayed, resolve the errors. Otherwise, click Close to close the Job Status 
dialog box. 
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Configuring the Driver Health Job 


The Driver Health job evaluates the conditions for a driver’s health states, assigns the driver with the 
appropriate state, executes any actions associated with the assigned state, and stores the driver’s 
transaction data. The default polling interval is one minute. For more information about setting up 
health monitoring for a driver, see “Monitoring Driver Health” in the Net/Q Identity Manager Driver 
Administration Guide. 


1 Make sure you’ve already added the job to the driver set. If you haven’t, see Chapter 2, “Adding 
a Predefined Job,” on page 11. 

2 On the General page in iManager, configure the following options: 
Enable Job: Leave this option selected unless you don’t want the job to run. 


Delete the Job After it Runs Once: Select this option if you want the job to run one time only 
and then be deleted. 


Servers: Select the servers where you want the job to run. Multiple servers are available only if 
the driver is running on multiple servers. 


Email Server: To monitor the job, you (or others) can receive e-mail notifications whenever 
certain results occur for the job. You can configure e-mail notification on the Results page. 
However, to enable this e-mail notification to work, you must first specify the e-mail server that 


will be used to send the notifications. Click the Ñ] button to locate and select the Default 
Notification Collection object or any other notfTemplateCollection object that defines an SMTP 
mail server. 


Display Name: Displays the name assigned to the job. 
Description: Displays the description assigned to the job. 
3 On the Schedule page, specify when you want the job to run: 


The Driver Health job is a continuously running job, meaning that it does not stop unless a 
health state action shuts it down or it is shut down manually. The job must run continuously to 
be able to support transaction data collection for use in Transactions History conditions. 


If the job does stop, it is restarted based on the schedule. 


Run on a Schedule: Runs the job on a daily, weekly, monthly, or yearly schedule. You can also 
specify a custom schedule; use the crontab standard when specifying a custom schedule. The 
default schedule checks every minute to see if the job is running. If the job is not running, it is 
started. 


Run Manually: Runs the job only when you initiate it through the Run Now option (see 
Chapter 5, “Starting a Job,” on page 31). 


4 On the Scope page, add the driver sets or individual drivers you want the job applied to. 


By default, the job applies to all drivers in the driver set. You can, however, modify the list so 
that the job applies only to specific drivers in the driver set. You can also add other driver sets or 
drivers from other driver sets. 


5 Onthe Parameters page, select the type of action you want the job to perform: 


Login ID: This defaults to the login ID that was used when creating the driver job. You should 
change this only if you want the driver to authenticate by using different credentials. 
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You need the following rights to run the health job: 


* Read permission with inheritance to the DirXML-AccessConfigure attribute of the 
Driver Set object 


+ Read permission with inheritance to the DirXML-AccessRun attribute of the Driver Set 
object 

+ Write permission with inheritance to the DirXML-AccessSubmitCommand attribute of 
the Driver Set object 


Login password: This is the password required for the login ID that you supplied in the Login ID 
field. 


Subscriber Heartbeat: Controls whether the Driver Health job does a heartbeat query ona 
driver's Subscriber channel before performing a healthcheck on the driver. 


Polling interval: Calculates the driver’s transaction data that the health job will store. The 
default polling interval is one minute. 


NOTE: This parameter was earlier used to perform the following actions: 
+ Determined how often the job evaluated the conditions for the health states. 
* Assigned the driver the appropriate state. 
* Executed any actions associated with the assigned state. 


+ Stored the driver’s transaction data. 


Polling interval units: Specifies the time unit (minutes, hours, days, weeks) for the number 
specified in the Polling interval setting. 


Duration sampling data is kept: Specifies how long a driver’s transaction data is kept. The 
default, two weeks, causes a transaction to be retained for two weeks before being deleted. A 
longer duration provides a greater time period that can be used in Transactions History 
conditions, but requires more memory. For example, to use a Transactions History condition 
that evaluates of the number of publisher reported events for the last 10 days, you need to keep 
transaction data for at least 10 days. 


Duration units: Specifies the time unit (minutes, hours, days, weeks) for the number specified 
in the Duration sampling data is kept setting. 


The combination of Polling interval, Polling interval units, Duration sampling data is kept, and 
Duration units define how much sampling data is maintained by the Driver Health Job, which 
indicates how much memory the Driver Health Job will require to run. 


To store transaction data for one driver every minute (Polling interval) for two weeks (Duration 
sampling data is kept) requires approximately 15 MB of memory. 


For more information about setting up health monitoring for a driver, see “Memory 
Requirements for Driver Health” in the NetIQ Identity Manager Driver Administration Guide. 


On the Results page, define the actions you want performed based on the results for the job. 


Each time the job runs, it generates intermediate results and a final result. For each result, you 
can specify the action you want performed when it occurs. For more information, see 
“Understanding the Different States of aJob” on page 15. 


6a Click the No action link next to the result to display the Result Notification dialog box. 
6b Select Audit result if you want to generate an event for Novell Audit or Novell Sentinel. 


or 
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Select Send email, then fill in the recipient and e-mail template information. 
6c Click OK to save your changes. 
7 When finished configuring the job, click OK to save your changes. 
The job is added to the job list. 
8 Select the job in the list (by selecting the check box next to the job name), then click Get Status. 


The Job Status dialog box displays any configuration errors. Because the job requires rights to 
the driver object and those rights have not yet been granted, you see an Insufficient 
rights to driver object error. 


9 Click Grant rights, then click OK to confirm the action. 


10 If other errors are displayed, resolve the errors. Otherwise, click Close to close the Job Status 
dialog box. 


Configuring the Password Expiration Notification Job 


The Password Expiration Notification job searches an LDAP directory for objects whose passwords 
expire in a specified number of days. When an object that meets the criteria is discovered, the job 
sends an e-mail to the address contained in the object’s mail LDAP attribute. 


1 Make sure you’ve already added the job to the driver set. If you haven’t, see Chapter 2, “Adding 
a Predefined Job,” on page 11. 

2 On the General page in iManager, configure the following options: 
Enable Job: Leave this option selected unless you don’t want the job to run. 


Delete the Job After it Runs Once: Select this option if you want the job to run one time only 
and then be deleted. 


Servers: Select the servers where you want the job to run. Multiple servers are available only if 
the driver is running on multiple servers. 


Email Server: To monitor the job, you (or others) can receive e-mail notifications whenever 
certain results occur for the job. You configure e-mail notification on the Results page. However, 
to enable this e-mail notification to work, you must first specify the e-mail server that will be 


used to send the notifications. Click the [4] button to locate and select the Default Notification 
Collection object or any other notfTemplateCollection object that defines an SMTP mail server. 


Display Name: Displays the name assigned to the job. 
Description: Displays the description assigned to the job. 
3 On the Schedule page, specify when you want the job to run: 


Run on a Schedule: Runs the job on a daily, weekly, monthly, or yearly schedule. You can also 
specify a custom schedule; use the crontab standard when specifying a custom schedule. The 
default schedule checks every minute to see if the job is running. If the job is not running, it is 
started. 


Run Manually: Runs the job only when you initiate it through the Run Now option (see 
Chapter 5, “Starting a Job,” on page 31). 


4 Ignore the Scope page, it does not apply to this job. 


5 On the Parameters page, fill in the following fields: 
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LDAP Connection: Use the following fields to specify the information required to connect to the 
LDAP directory. 
* LDAP Host: Specify the IP address or DNS name of the LDAP server. 
¢ Use SSL/TLS: Select True if the LDAP connection is secured with SSL/TLS, then set the 
following options: 


+ LDAP Port: Specify the port number that LDAP uses to make a connection. If Use SSL/ 
TLS is set to False, the default value is 389. If Use SSL/TLS is set to True, the default 
value is 636. 


¢ SSL/TLS Provider: Specify whether the SSL/TLS provider is Novell Secure Transport 
Layer (NTLS) or Java Secure Socket Extension (JSSE). If you select NTLS, you must 
provide the name of a KMO object to create the secure connection. If you select JSSE, 
you must provide a keystore pair of certificates to create the secure connection. 


+ LDAP Authentication Type: Select whether the LDAP connection is an anonymous 
connection or an authenticated connection. If you select Authenticated, you must provide 
the username and password of the object that authenticates to the Identity Vault. 


LDAP Search: Use the following fields to specify the information used when sending the 
expiration notification e-mail to users: 


* Days Until Password expires: Specify the days, prior to when the password expires, when 
the job sends an e-mail to users informing them that their password is expiring. By default, 
the job sends an e-mail to the users 30 days, 15 days, 5 days, and 1 day before their 
passwords expire. 


¢ Search Base: Specify the DN of the container where the job search occurs. The default 
value for the Resource Kit is ou=users,o=company,dc=data. 


* Object Class: Specify the LDAP object class to search. The default is inetOrgPerson. 


Notification Email: Use the following fields to specify the information used to create the 
expiration notification e-mail, receivers of the e-mail, and other e-mail settings. 


¢ Notification Email Template: Specify the name of the template used to create the 
expiration notification e-mail. The default is the Password Expiration Notification template 
in the Default Notification Collection object. 


+ User Name Attribute: Specify the LDAP attribute used to add the username into the 
notification template. 


* From: Specify the e-mail address used to populate the e-mail’s From field. 


+ Show Advanced Options: Select True to display the advanced options, or select False to 
hide the advanced options. The advanced options are: 


+ Reply to: Specify the e-mail address that appears in the Reply to field. 

* Admin BCC: Specify an administrator to blind copy on the notification e-mail. 
+ Character encoding: Specify the desired character encoding. 

+ Custom SMTP headers: Specify a custom SMTP header if desired. 


6 On the Results page, define the actions you want performed based on the results for the job. 
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Each time the job runs, it generates intermediate results and a final result. For each result, you 
can specify the action you want performed when it occurs. For more information, see 
“Understanding the Different States of aJob” on page 15. 


6a Click the No action link next to the result to display the Result Notification dialog box. 
6b Select Audit result if you want to generate an event for Novell Audit or Novell Sentinel. 
or 
Select Send email, then fill in the recipient and e-mail template information. 
6c Click OK to save your changes. 
7 When you have finished configuring the job, click OK to save your changes. 
The job is added to the job list. 
8 Select the job in the list (by selecting the check box next to the job name), then click Get Status. 


The Job Status dialog box displays any configuration errors. Because the job requires rights to 
the driver object and those rights have not yet been granted, you see an Insufficient 
rights to driver object error. 


9 Click Grant rights, then click OK to confirm the action. 


10 If other errors are displayed, resolve the errors. Otherwise, click Close to close the Job Status 
dialog box. 


Modifying the Association Statistics Job Configuration 


The Association Statistics job runs on a daily, weekly, monthly, or yearly basis. 


1 Onthe General page in iManager, configure the following options: 
Enable Job: Leave this option selected unless you do not want the job to run. 


Delete the Job After it Runs Once: Select this option if you want the job to run one time only 
and then be deleted. 


Servers: Select the servers where you want the job to run. Multiple servers are available only if 
the driver is running on multiple servers. 


Email Server: To monitor the job, you (or others) can receive e-mail notifications whenever 
certain results occur for the job. You configure e-mail notification on the Results page. However, 
to enable the e-mail notification, you must specify the e-mail server that will be used to send 


the notifications. Click the |] button to locate and select the Default Notification Collection 
object or any other notfTemplateCollection object that defines an SMTP mail server. 


Email server password: Use this option to set your email server password. 
Display Name: Displays the name assigned to the job. 
Description: Displays the description assigned to the job. 

2 On the Schedule page, specify when you want the job to run: 


Run on a Schedule: Runs the job on a daily, weekly, monthly, or yearly schedule. You can also 
specify a custom schedule; use the crontab standard when specifying a custom schedule. By 
default, the job is checked every week to see if it is running. If the job is not running, it is 
started. 


Run Manually: Runs the job only when you initiate it through the Run Now option (see 
Chapter 5, “Starting a Job,” on page 31). 
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Ignore the Scope page, it does not apply to this job. 
On the Parameters page, perform the following actions: 


Count no-reference associations: To calculate the no-reference associations, select True. By 
default, the value is set to False, which allows the association statistics job to calculate only 
reference-based associations. 


IMPORTANT: To obtain the no-reference associations, add the StatisticsJob object (created 
under the driverset) as a trustee of the data container (where the associated objects reside). 
You need to have default set of rights. For example, All Attribute rights should have Compare 
and Read rights and Entry rights should have Browse rights. 


Persist Result DN’s: To export and view the identities, select True. If you select False, the 
identities are not exported and a message is displayed stating that Results discarded due 
to configuration settings. Enable "Persist Result DN's" in 
StatisticsJob parameters and recompute to view DN's. 


Specify System Objects: This list contains objects which are considered for system class. 


On the Results page, define the actions you want to be performed based on the results for the 
job. 
Each time the job runs, it generates intermediate results and a final result. For each result, you 


can specify the action you want performed when it occurs. For more information, see 
“Understanding the Different States of aJob” on page 15. 


5a Click the No action link next to the result to display the Result Notification dialog box. 
5b Select Audit result if you want to generate an event for Novell Audit or Novell Sentinel. 
or 
Select Send email, then fill in the recipient and e-mail template information. 
5c Click OK to save your changes. 
When you have finished configuring the job, click OK to save your changes. 
The job is added to the job list. 
Select the job in the list (by selecting the check box next to the job name), then click Get Status. 


The Job Status dialog box displays any configuration errors. 


8 Click Grant rights, then click OK to confirm the action. 


9 If other errors are displayed, resolve the errors. Otherwise, click Close to close the Job Status 
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dialog box. 


In the Misc tab, you can see the trace levels for the association statistics job. For more 
information about trace levels, see Chapter 9, “Tracing a Job,” on page 39. 
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Creating a Custom Job 


You can create a custom job to perform a task one or more times. The following sections provide the 
concepts and instructions required to create a custom job: 


* “Job Components” on page 27 
+ “Creating the Job Definition and Job Implementation” on page 28 


+ “Adding the Job” on page 28 


Job Components 


The following diagram identifies the principle components required to process a job: 


Figure 4-1 High-level view of Job Scheduler process 
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Job Manager: The Job Manager is responsible for launching scheduled jobs. It runs in the 
background on each Identity Manager server and checks every minute to see if a job is scheduled to 
run. When it encounters a scheduled job, it runs the appropriate Job Implementation. 


Job Object: The Job object contains all the information necessary to invoke the job. It includes the 
name, description, schedule, server list, and XML job definition. The Job object is created in the 
Identity Vault when you use Identity Manager or Designer to add the job to a driver set or driver. 


Job Definition: The Job Definition is an XML description of all the parameters necessary to perform a 
specific job, including the Job Implementation used to actually run the job. The Job Definition is an 
XML attribute associated with the Job object. 


Job Implementation: The Job Implementation file is typically a JAR file that contains the Java classes 
that perform the job. Each Identity Manager server where you want a job to run must have a copy of 
the Job Implementation file. The Job Manager runs the Job Implementation at the times scheduled 
in the Job Definition. 
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Creating the Job Definition and Job Implementation 


The Job Definition is XML that defines the parameters required to perform the job. This includes the 
schedule, scope, and notification parameters as well as the path to the Job Implementation file. To 
create the XML, see Jobs DTD in the DTD documentation (https://www.netig.com/documentation/ 
identity-manager-developer/dtd-documentation.html)page. 


The Job Implementation is a JAR file that contains the Java classes required to perform the job. 
Novell does not provide instructions for creating the Job Implementation. The only requirement is 
that the Java classes run in the Identity Manager server’s Java Runtime Environment. For more 
information, see Javadocs for the job interface. 


Adding the Job 


The following steps provide instructions for using iManager to add a custom job. For information 
about using Designer to add jobs, see “Scheduling Jobs” in the NetIQ Designer for Identity Manager 
Administration Guide. 


1 In iManager, click Q to display the Identity Manager Administration page. 
2 Open the Overview page for the driver or driver set where you want to add the job: 


2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 


2b Inthe Search in field, specify the fully distinguished name of the container where you want 
to start searching for driver sets and then click >) or leave [root] in the field and click b|to 
search from the root of the tree. 
You can also click alto browse for and select the container in the tree structure, or click ‘Al 
to select the container from a list of previously selected objects. 


2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 


2d (Conditional) If you are adding the job to a driver, click the driver to display the Driver 
Overview page. 


3 Click the Jobs tab. 
4 Click New to display the Create Job page. 
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Driver: Active Directory.IDM Driver Set.Novell 


Overview ` Advanced ÆR 


Create Job 


Job Name: 
Job1 


— Job type 
© Installed 


[5 ge 


This job submits zero or more trigger documents to the 
subscriber channel. The submission may either be a document 
per object if a scope is defined or may be a single document 
for each job run. 


© Custom 


Enter the XML that defines the custom job. 


— Servers 
Select the server(s) this job should run on: 
IDMTEST. Novell 


— Ok | __ Cancel | 


In the Job Name field, specify a descriptive name for the job. 
Under Job Type, select Custom, then paste the Job Definition’s XML into the text box. 


5 

6 

7 In the Server field, select the servers where you want to run the job. 
8 Click OK to create the job and display its configuration properties. 

9 


Provide the General, Schedule, Scope, Parameters, and Results information required by the Job 
Definition. 


10 When you have finished, click OK to save the configuration. 
The job is added to the Jobs list. 


11 Select the job in the list (by selecting the check box in front of the job name), then click Get 
Status. 


The Job Status dialog box displays any configuration errors. 


12 If errors are displayed, resolve the errors. Otherwise, click Close to close the Job Status dialog 
box. 
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Starting a Job 


You can start a job by establishing a run schedule for the job, or you can manually start the job. The 
following steps explain how to use iManager to manually start a job. For information about creating 
a schedule to run a job, see Chapter 2, “Adding a Predefined Job,” on page 11. For information about 
using Designer to start a job, see “Scheduling Jobs” in the NetIQ Designer for Identity Manager 
Administration Guide. 


1 In iManager, click (P) to display the Identity Manager Administration page. 
2 Open the Overview page for the driver or driver set where the job is defined: 


2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 


2b Inthe Search in field, specify the fully distinguished name of the container where you want 
to start searching for driver sets and then click DI or leave [root] in the field and click bito 
search from the root of the tree. 
You can also click Elto browse for and select the container in the tree structure, or click ‘al 
to select the container from a list of previously selected objects. 


2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 


2d (Conditional) If you are starting the job for a driver (rather than a driver set), click the 
driver to display the Driver Overview page. 


3 Click the Jobs tab. 


Driver Set Overview 


Driver Set: ‘driverset! idm.services.system | @ [fa] e] [>] 
Overview Libraries Dashboard 
New... | Run Now | Stop | Enable | Disable | Get Status | Delete 
C Job Name Enabled Next scheduled run Description 
E Password Expiration Notification Vv Not scheduled This job uses LDAP to look for objects + 
E Check driver health Vv Not scheduled This job checks the health of drivers by 
Close 


4 Select the check box in front of the job you want to start, then click Run Now. 


5 Click OK to dismiss the startup confirmation dialog box. 
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Stopping a Job 


You can abort a running job by stopping it. The job stops immediately without completing its task. 


The following steps provide instructions for using iManager to stop a job. For information about 
using Designer to stop a job, see “Scheduling Jobs” in the Net/Q Designer for Identity Manager 
Administration Guide. 


1 In iManager, click (7) to display the Identity Manager Administration page. 
2 Open the Overview page for the driver or driver set where the job is defined: 


2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 

2b Inthe Search in field, specify the fully distinguished name of the container where you want 
to start searching for driver sets and then click Dl or leave [root] in the field and click dito 
search from the root of the tree. 
You can also click Elto browse for and select the container in the tree structure, or click ‘al 
to select the container from a list of previously selected objects. 

2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 

2d (Conditional) If you are stopping the job for a driver (rather than a driver set), click the 
driver to display the Driver Overview page. 


3 Click the Jobs tab. 


Driver Set Overview [2] 
Driver Set: ‘driversetl idm.services.system | Q) [fa] [67] [>] 
Overview Libraries Dashboard 
New... | Run Now | Stop | Enable | Disable | Get Status | Delete 
[ Job Name Enabled Next scheduled run Description 
E Password Expiration Notification Vv Not scheduled This job uses LDAP to look for objects i 
E Check driver health Vv Not scheduled This job checks the health of drivers by 
Close 


4 Select the check box in front of the job you want to stop, then click Stop. 


5 Click OK to dismiss the confirmation dialog box. 
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Disabling a Job 


You can disable a job so that it does not run until it is enabled again. 

The following steps provide instructions for using iManager to disable a job. For information about 
using Designer to disable a job, see “Scheduling Jobs” in the Net/Q Designer for Identity Manager 
Administration Guide. 


1 In iManager, click (7) to display the Identity Manager Administration page. 
2 Open the Overview page for the driver or driver set where the job is defined: 
2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 
2b Inthe Search in field, specify the fully distinguished name of the container where you want 
to start searching for driver sets and then click Dl or leave [root] in the field and click dito 
search from the root of the tree. 
You can also click Elto browse for and select the container in the tree structure, or click ‘Al 
to select the container from a list of previously selected objects. 
2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 
2d (Conditional) If you are disabling the job for a driver (rather than a driver set), click the 
driver to display the Driver Overview page. 


3 Click the Jobs tab. 


Driver Set Overview [2] 
Driver Set: driverset! idm.services.system ] Q) [fa] [67] [>] 
Overview Libraries Dashboard 
New... | Run Now | Stop | Enable | Disable | Get Status | Delete 
[ Job Name Enabled Next scheduled run Description 
E Password Expiration Notification Vv Not scheduled This job uses LDAP to look for objects i 
E Check driver health Vv Not scheduled This job checks the health of drivers by 
Close 


4 Select the check box in front of the job you want to disable, then click Disable. 


5 Click OK to dismiss the confirmation dialog box. 
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Checking a Job’s Status 


You can ensure that a job is configured correctly by checking its status. If it is not configured 
correctly, the status provides error messages instructing you what needs to be done for the job to 
run properly. 


The following steps provide instructions for using iManager to check a job’s status. For information 
about using Designer to check the status of a job, see “Scheduling Jobs” in the Net/Q Designer for 
Identity Manager Administration Guide. 


1 In iManager, click @ to display the Identity Manager Administration page. 
2 Open the Overview page for the driver or driver set where the job is defined: 


2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 


2b In the Search in field, specify the fully distinguished name of the container where you want 
to start searching for driver sets and then click >| or leave [root] in the field and click Plto 
search from the root of the tree. 
You can also click lto browse for and select the container in the tree structure, or click ‘al 
to select the container from a list of previously selected objects. 


2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 


2d (Conditional) If you are checking the job for a driver (rather than a driver set), click the 
driver to display the Driver Overview page. 


3 Click the Jobs tab. 


Driver Set Overview Es 


Driver Set: ‘driversetl idm.services.system ] [QA] [fa] e [>] 
Overview Libraries Dashboard 
New... | Run Now | Stop | Enable | Disable | Get Status | Delete 
[ Job Name Enabled Next scheduled run Description 
E Password Expiration Notification Vv Not scheduled This job uses LDAP to look for objects + 
[ Check driver health Vv Not scheduled This job checks the health of drivers by 
Close 


4 Select the check box in front of the job you want to check, then click Get Status. 
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Job Status 


Next scheduled run: Not scheduled 
Configuration: Misconfigured 


Server DN Status 


metaserverl.metaserverl.servers,system Stopped 


5 Click Close when you’ve finished reviewing any errors. 
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Tracing a Job 


You can add trace levels to a job manually. The following steps provide instructions for manually 
tracing a job in iManager. 


For information about adding a trace level to a job in Designer, see “Configuring Jobs” in the Net/Q 
Designer for Identity Manager Administration Guide. 


1 In iManager, click Q to display the Identity Manager Administration page. 
2 Open the Overview page for the job where the job is defined: 


2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 


2b Inthe Search in field, specify the fully distinguished name of the container where you want 
to start searching for driver sets and then click P|, or leave [root] in the field and click » Ito 
search from the root of the tree. 
You can also click alto browse for and select the container in the tree structure, or click ‘Al 
to select the container from a list of previously selected objects. 


2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 


2d (Conditional) If you want to trace the job for a driver (rather than a driver set), click the 
driver to display the Driver Overview page. 


3 Click the Jobs tab. 

4 Click the job for which you want to add trace level. 
The Jobs dialog is displayed. 

5 Select the Misc tab. 


6 Set the parameters for tracing, then click OK. For information about the trace properties, see 
Table 9-1 on page 39. 


Table 9-1 Job Trace Parameters 


Parameter Description 


Trace level As the job trace level increases, the amount of information displayed in 
DSTrace increases. 


Trace level one shows errors, but not the cause of the errors. If you want to 
see password synchronization information, set the trace level to five. 


If you select Use setting from Driver Set, the value is taken from the driver 
set. 
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Parameter 


Trace file 


Trace file encoding 


Trace file size limit 


Trace name 


Tracing a Job 


Description 


Specify a file name and location of where the Identity Manager information 
is written for the selected job. 


If you select Use setting from Driver Set, the value is taken from the driver 
set. 


The trace file uses the system’s default encoding. You can specify another 
encoding if desired. 


Allows you to set a limit for the Java trace file. If you set the file size to 
unlimited, the file grows in size until there is no disk space left. 


NOTE: The trace file is created in multiple files. Identity Manager 
automatically divides the maximum file size by ten and creates ten separate 
files. The combined size of these files equals the maximum trace file size. 


If you select Use setting from Driver Set, the value is taken from the driver 
set. 


The job trace messages are prepended with the value entered instead of the 
job name. Use if the job name is very long. 


0 Deleting a Job 


You can configure a job to run once and then be deleted, or you can delete a job manually. The 
following steps provide instructions for manually deleting a job in iManager. For information about 
configuring a job to run once and then be deleted, see Chapter 3, "Configuring the Properties of 
Predefined Jobs,” on page 15. 


For information about deleting a job in Designer, see “Scheduling Jobs” in the Net/Q Designer for 
Identity Manager Administration Guide. 


1 In iManager, click (7) to display the Identity Manager Administration page. 
2 Open the Overview page for the driver or driver set where the job is defined: 


2a In the Administration list, click Identity Manager Overview to display the Identity Manager 
Overview page. 

2b Inthe Search in field, specify the fully distinguished name of the container where you want 
to start searching for driver sets and then click >| or leave [root] in the field and click Plto 
search from the root of the tree. 
You can also click lto browse for and select the container in the tree structure, or click ‘al 
to select the container from a list of previously selected objects. 


2c After the available driver sets are displayed on the Driver Sets page, click the desired driver 
set to display the Driver Set Overview page. 


2d (Conditional) If you are deleting the job for a driver (rather than a driver set), click the 
driver to display the Driver Overview page. 


3 Click the Jobs tab. 


Driver Set Overview [2] 


Driver Set: (driverset idm.services.system | [QA] (fal e [>] 
Overview Libraries | Jobs | Dashboard 
New... | Run Now | Stop | Enable | Disable | Get Status | Delete 
C Job Name Enabled Next scheduled run Description 
[ Password Expiration Notification W Not scheduled This job uses LDAP to look for objects \ 
[ Check driver health Vv Not scheduled This job checks the health of drivers by 
Close 
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4 Select the check box in front of the job you want to delete, then click Delete. 


5 Click OK to confirm the deletion. 
Sometimes a deleted job continues to run if it is not stopped before being deleted. 
To delete an already running job: 


1 Stop the job. 
2 Delete the job. 


If you don't stop the job before deleting it, it continues to run. 


42 Deleting a Job 


